7849f3401d5517da28d96bb636e14994af853127f573f4a83c05a30b880a7ebf

Analysis

max time kernel
1829s
max time network
1798s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
19-04-2024 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Voice_Cloning_base.apk
Size

13.4MB
MD5

dc249fd4071a32f233c5255fd6c14af4
SHA1

cd10f5aad2771657863e364c5268fcbb44e581f1
SHA256

7849f3401d5517da28d96bb636e14994af853127f573f4a83c05a30b880a7ebf
SHA512

ae00cc77a3b05331b4016278582697ac6f534611dc6b01a4944ebbfb6ff694e52d1dc4ee4e78b3f84c4d1772ec11513ad5f13b2a2e8a312f39dbfb74070fbeec
SSDEEP

393216:sLJHs0yQBZVTcRORZmx/d84rEl6Fwcas+uwVRGbHLdzgRig:8JMsBZVnR0I6FwvR3OHmRig

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.liba.voice

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.liba.voice

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.liba.voice/cache/1675452915457.jar	5093	com.liba.voice

Queries information about running processes on the device. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.liba.voice

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.liba.voice

com.liba.voice
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:5093

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.liba.voice/cache/1675452915457.jar

Filesize
11KB

MD5
600bb938c8786491180f21044aa0dd64

SHA1
fce0ae8f59adda36aa0452b65b8c40d892e2cf12

SHA256
f174040e033d1045ef13695b4337c8e1ad65331f2f103248025e2d080fccd037

SHA512
1c12e6ab3f72f39addb1a2ce77a09cc5f90747567b7306f563d6afcfb49c46dbc18afabf61d9af2e7d6588e4dd70cff9e6cc7ad87021c57c605343e0ddcf67ba

Download Submit
/data/data/com.liba.voice/cache/1713540894138.cg

Filesize
411B

MD5
4d0d0dc28a8acc7e74cb5789966ba1be

SHA1
798f19af61a7833cf822646dbd1ca230b6c03c97

SHA256
83d0667bfb563f4b40b5d8b7362523d65368c77b8080669b24543ec579fd424f

SHA512
b1bb5409ce09620a814550f307a6bf66481b09c0d2618ddac7ecf3b3cadd7226a8e79a9ba6b2e6e081ad3e96ab3f24efd4bac160af9ce189dae7209afc546546

Download Submit
/data/data/com.liba.voice/cache/1713540894537.cg

Filesize
137B

MD5
83e87e9b7c7c2b4461bfff7627af6291

SHA1
989e8982ba49d999914a0d0ddcbcb74d589b0e42

SHA256
3f48a3e8a1a8119ad69211bce9ddbb16d0e45cfcfc8cd63791811f5a46fc1eb8

SHA512
688af49c5cd2a9aa466da9bb8e7d374b2bb45a295d025526f3e0cbe269fd3387c2f574578098368a197ef9dd23849fa5949603d0ce55a71ef72e5538d630b2f3

Download Submit
/data/data/com.liba.voice/cache/1713540894539.cg

Filesize
36B

MD5
80bb7969bef6ba2288a59a696c012588

SHA1
a841b1c45c573d876605c440932617463aec6063

SHA256
3e9ce2e877ab4116a1b05eb74a64df0faebc45c65b84d48ed7f1b199b564a8c8

SHA512
4cb1a74c24134c6b781cb82aef4142cc6fc64acd5f32621cab7e06783c5b2bbc147c33cde0e4392058b0d29cd7b0d2c2ec3e36b80c3d045cda21823c8ccb8756

Download Submit
/data/data/com.liba.voice/cache/volley/-139605349995085421

Filesize
78KB

MD5
2b1f31eb8a3808c824934282de6ab32a

SHA1
da8a1bfc6892f6f09e06e57a01c8517073809930

SHA256
38a80b78de01f75e4a32b2bb03e45918eadf7ae9df19c9c73a87faa6a88f89f3

SHA512
b7fe01610e58a204461f9c06daaadb4ee6ac6868ec316d3c60acbd90e61652a5887ec53af72ab57ba585821c344e99e845fa5917d63bd1f11149f16ffc82fde4

Download Submit
/data/data/com.liba.voice/cache/volley/-1661412709-2019316947

Filesize
77KB

MD5
990ea3e45935d28b597e2ea557ae1ae0

SHA1
f6efcd1f9877fc76bd79cdda770361d539e9e057

SHA256
df8670e1a81c657a5af76e06dbd24685794457d77b7ed768a28c9a3d0324cca5

SHA512
cd424085197cc44a0c634f33ffd7f5d4f61557e458f73d3377d6462fa0643bd6cf1d7c2de85252ca56e7d9406b41b9433681e138fce7dfa7d7e73e5f9a408fd2

Download Submit
/data/data/com.liba.voice/databases/okdownload-breakpoint.db

Filesize
36KB

MD5
c492ac23bd93a88bbde48c65e9fd89df

SHA1
c40e051f5e9a582103df0258e1daa3167bfb0d95

SHA256
52b6290f4a82aacfdd4010b4bc28d8f7b832d1252ae572a3a93c2d91a323837c

SHA512
3e1a5411def1a46eb8b314586a3fe0b733e9b26c51b8a54ba6b9a7da1549322b43474575bfe3e3ac17fe23fbf50fdd788c51ce7de271b49239c95ccbf069a03c

Download Submit
/data/data/com.liba.voice/databases/okdownload-breakpoint.db-journal

Filesize
512B

MD5
a2bc9da4923e486d2b47e7fb3078ff79

SHA1
43d6f6a72109e6e34b650b198be9751243fab527

SHA256
4e1505764306c853d6aef635c29af542d3c0947026b2d0a7c0553f115f783daa

SHA512
54bbfa3dfe159b6289d1adea2787c58af0f895e296614f84ced821974a02dfed21f92e65b84f7c463816f9c4bbfea8cae31bd9cda9e459055322d2b9d1cdc93f

Download Submit
/data/data/com.liba.voice/databases/okdownload-breakpoint.db-journal

Filesize
8KB

MD5
e518ec42c48f4234f5a1562d9889dcc1

SHA1
bb7ab1381e7787ace15759fec0671081bb1f2c2d

SHA256
8e058d4b13da2942ee8703f0ec1ceab8e7cd98240724be7578ae3027267f4585

SHA512
8049b3dfef50a0e1d34815ca0b0b94ec199dd6819b53a8e213e973da8863f155db179a96742a7683b3b47ce854c95b21cec29c578b6af2d930757610be7455ce

Download Submit
/data/data/com.liba.voice/databases/okdownload-breakpoint.db-journal

Filesize
8KB

MD5
65b5e394dd13ffe00feddfe9710b0d1d

SHA1
9e46edb6f0e8624fbf246d365db81ddb7ca4b82a

SHA256
07395fe077a6ed16d4b2b6a87fa010ec4738fd5f8c691b629c15e875b36206dd

SHA512
8fbd34b981aef48b99f18b29ecf2fc6b090e5f496c31387d62ecea28dc470e7a34d090d836a3adbd887a5883dc2e45243031c84a0947c72d2dd638580b61ea79

Download Submit
/data/data/com.liba.voice/databases/okdownload-breakpoint.db-journal

Filesize
8KB

MD5
134e96d0e9b77ad70fcc3d7b2e39bb61

SHA1
b337a4d46d12ebd5c4ba7ef2629bec219b4ed49f

SHA256
7bffaaa753742a72b106724b1a70ddfc01089c72b1ff811d0323f4c7c27f856f

SHA512
17d207c0aed296bc55c91bfa9bc9887290edbe37cb817fa432c53f466f5b83e6e81385307ebe811b3ecab5f689f1748e32eedc8e7e17814b9914d10ab81d78a5

Download Submit
/data/data/com.liba.voice/databases/okdownload-breakpoint.db-journal

Filesize
8KB

MD5
b18c1f264a83705d433c3b9e24d98b09

SHA1
84ffcadcce97f6b1af29bcae3420c393716f5879

SHA256
eb7e9725483803a3f8ce1fe279a8adf3cbf92761cc470514afd0e06677f8c937

SHA512
744d91a5fdd3cea937b4d794a47dc10e796cbab69e724fff40f4dfddf9367416db79e86224c392eda235aa398e85ed858c03fa2109d38873e7cba8c13bbd9fa4

Download Submit
/data/data/com.liba.voice/databases/okdownload-breakpoint.db-journal

Filesize
16KB

MD5
077c44a01051cf27a484186effbfe9b0

SHA1
94d726ff42a11d2861e88291fc0fce980d811f31

SHA256
d961472a7711b15226b2feb8800f1725a6618cbbb1cd0e512ac7fb824096d356

SHA512
f37eb3cd1c59f911d47ddac7f4f70d60fa31e17aa030bf07d1b211f604f90077fb965a2126f932c501d7fadb7d4594ffbfb9af74123feadaad20632d7553e7f1

Download Submit
/data/data/com.liba.voice/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.liba.voice/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
66de5cd8a5f4ba37070f74267e5f42f7

SHA1
f39f21762175a733add6d522bc765299196b5ed1

SHA256
1b5b532acf34a92070a30c20770563e9c11133c0b3dca0120099821f89290de3

SHA512
ab80735d5a4c08bedebe0e6c204a89146cede6527368cfc139c619a734eb25564d370f5ffd5ff6b948136e0bce7d1608ad7abde6e69b6b7fa16ebf184b261453

Download Submit
/data/data/com.liba.voice/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.liba.voice/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
308a25c67bbb3ecdd43b7d700c0e119b

SHA1
7ef71758edd9a3a5af0be5d41df6817d8b26ea06

SHA256
f0a00a6be954165aab801ced6b295718d8d2e87579cc5b03df1339e4d86fe88e

SHA512
f34d56d6471ad7c217daa06fc2d8922c4d3305fcfa86094dd7fb7429a5140067cd2cefa524cc7a7220e07e26505d1b75df1ffff5bcf05182c556010fc3d5aa09

Download Submit
/data/data/com.liba.voice/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
90c97a235c66fcccd6db4ec7719516f4

SHA1
0d4d02da7cc7df1b037ee23089618ce02c34edb7

SHA256
5ac2b6add9cda33cd685c8c660d5b182c3a5e21041b75545468309655b6e00cb

SHA512
ff03bf454bf56e5581c9c6638aad01d2682c5f714b5f9bef241d414877a6a8c7ef34119e026acb34886c82a60a36d9e29efad0057dc4f0471c636ee140e8ed18

Download Submit
/data/user/0/com.liba.voice/cache/1675452915457.jar

Filesize
22KB

MD5
216bb03e148e333071ec13a5d000cba9

SHA1
c50144c39f6ad80d7b0cb5a30701272851e66851

SHA256
0869ba6efa2a0c4abb878b75bd8063d6b1752e31618bdbfb00cddec68107a31c

SHA512
df7882aa119eb88af3d859292a4a61e3852cc45d58c47466ec1adb8813622bed872fa977342e62718aa2a4c5f9a202f2a198ed1ac2aaeade0aabeac396bc4d56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads